Hi Folks,
We've set up a set of Squid-boxes + LB in LVS-TUN setup (running 2.6.9,
used to run 2.6.8). I'm doing content filtering on this farm.
I feel happy with LVS for now, but there are some questions arising.
Our setup:
/proc/sys/net/ipv4/vs# ipvsadm --list -n
IP Virtual Server version 1.2.0 (size=32768)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  212.xx.xx.xx:8080 rr persistent 360
  -> 10.0.0.21:8080               Tunnel  50     2521       18336
  -> 10.0.0.20:8080               Tunnel  50     2549       17606
It's working fine, but I got some messages from our service desk saying
there are problems with long-term connections, especially ones like
HTTPS-CONNECTS.
Problem is, I cannot reproduce the problem for now; at home I can't
reproduce it, and at work I can't reproduce it either...
Other clients had problems with logging in to sites; some people have now
set their proxy directly to one of the realservers and the problems are
over... (they had trouble logging in to hotmail, Dutch MediaMarkt (to
upload photos for the print service, see www.mediamarkt.nl -> foto print
service)). There are other people complaining about Windows Update not
wanting to start (searching for updates ................. and then
terminating with errorcode xxx and: try again later). At the same time,
on the same realserver, I do not have problems.
Now there are still questions:
- Can this be the MTU (both on WAN and LAN: 1500 bytes, at LB and
Realservers)? What is MTU's impact on LVS-TUN (maybe ip-encap?)?
- Why is the InActConn so high? When I restart the load balancer,
everything is zeroed. Then within no time InActConn is filled, and then
stabilizing at around 18000.
- What's the impact of size=32768? Is it high enough for my setup?
- Is anybody having the same problems as this?
- How can I see if the connection table is full? `dmesg` gives no output.
Settings:
lb:/proc/sys/net/ipv4/vs# for i in `ls --color=no`; do echo "$i: `cat $i`"; done
am_droprate: 10
amemthresh: 1024
cache_bypass: 0
drop_entry: 0
drop_packet: 0
expire_nodest_conn: 0
lblc_expiration: 86400
lblcr_expiration: 86400
nat_icmp_send: 0
secure_tcp: 0
sync_threshold: 3 50
Counters are like:
lb:/proc/sys/net/ipv4/vs# ipvsadm --list -c -n | grep ESTA | wc -l
5070
lb:/proc/sys/net/ipv4/vs# ipvsadm --list -c -n | grep -v ESTA | wc -l
36851
Using all DSL-lines / ISDN / modems.
Thanks for help!
JdW.